Datto RMM: Event Log Monitor: Filtering Event Descriptions

Topic

This article describes how to filter Windows event log descriptions out of alerts using the Event Log Monitor.

Environment

Datto RMM

Description

When using an Event Log Monitor, you can filter the alert criteria based on the event description or message body by placing the (-) character before a string in the Event Descriptions field. This ensures that the Event Log Monitor only triggers and sends alerts based on criteria you find relevant.

Figure 1: Event Descriptions

The example in Figure 1 displays two errors in the Windows event log with the Event ID 16387. Suppose you want to exclude any event that contains the Error Code 0x80070002 in its description.

Figure 2: Two example errors

To accomplish this, you can enter the (-) character and the Error Code in the Event Descriptions field:

-"Error Code: 0x80070002"

You can also enter only the value of the Error Code:

-"0x80070002"

Another example is a Windows Installer event with an Event ID of 1040. Suppose you want to filter out Datto RMM installation events.

Figure 3: Event 1040

You can use the wildcard character (%) to filter all events that reference a directory path:

-"%C:\ProgramData\Centrastage\Packages%"
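The following is an added example, not Datto's code and not part of the original article: a small Python model of the exclusion syntax above, for checking which sample descriptions a candidate filter would suppress before it is deployed. It assumes quoted terms, a case-insensitive "contains" match, and % matching any run of characters. The function names and sample descriptions are constructed.

```python
import re

# Assumed model of the Event Descriptions field as the article describes it:
# quoted terms, a leading "-" marks an exclusion, "%" is a wildcard.
TERM = re.compile(r'(-?)"([^"]*)"')

# Constructed sample descriptions (not real log output).
SAMPLES = [
    "Task failed. Error Code: 0x80070002",
    "Task failed. Error Code: 0x80070005",
    r"Beginning a Windows Installer transaction: C:\ProgramData\Centrastage\Packages\agent.msi.",
    r"Beginning a Windows Installer transaction: C:\Temp\other.msi.",
]

def parse_field(field):
    """Return (is_exclusion, compiled_pattern) for each quoted term."""
    terms = []
    for minus, text in TERM.findall(field):
        # "%" matches any run of characters; everything else is literal.
        body = ".*".join(re.escape(part) for part in text.split("%"))
        # Assumption: "contains" semantics, case-insensitive.
        terms.append((minus == "-", re.compile(body, re.IGNORECASE | re.DOTALL)))
    return terms

def is_suppressed(field, description):
    """True when any exclusion term matches the event description."""
    return any(excl and pat.search(description) is not None
               for excl, pat in parse_field(field))

def audit(field, descriptions):
    """Split descriptions into (still_alerting, suppressed) for review."""
    alerting, suppressed = [], []
    for d in descriptions:
        (suppressed if is_suppressed(field, d) else alerting).append(d)
    return alerting, suppressed

if __name__ == "__main__":
    candidates = [
        '-"0x80070002"',                              # full error code
        '-"0x8007000"',                               # too short: also hides 0x80070005
        r'-"%C:\ProgramData\Centrastage\Packages%"',  # path wildcard from the article
    ]
    for field in candidates:
        alerting, suppressed = audit(field, SAMPLES)
        print(field, "-> suppresses", len(suppressed), "of", len(SAMPLES))
        for d in suppressed:
            print("    ", d)
```

Reviewing the suppressed list for each candidate shows when an exclusion term is broader than intended, as with the shortened error code that also hides a different failure.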

You can also add multiple filters by separating each string with a space: